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REMARKS/ARGUMENTS 

Prior to this amendment, claims 1-8, 10-17, 19-26 and 28-40 were pending. In 
this amendment, no claims are added, amended, or canceled. No new matter is added. Thus, 
after entry of this amendment, claims 1-8, 10-17, 19-26 and 28-40 are pending. 

Claim Rejections 35 USC § 103(a), Sunder. Stolfo 

Claims 1, 10, 19, 32, 33, and 38 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of U.S. 
Patent No. 7,069,249 to Stolfo et al. ("Stolfo"). This rejection is traversed. 

Claims 1, 10, and 19 

Obviousness has not been established, since it would not be rational to combine the references 
in the manner proposed by the Examiner. 

Obviousness has not been established, since the reason to modify Sunder to include a 
central transaction server that initiates a payment request, does not have any rational 
underpinning. '"[R] ejections on obviousness cannot be sustained by mere conclusory statements; 
instead, there must be some articulated reasoning with some rational underpinning to support the 

legal conclusion of obviousness.'" KSR, 550 U.S. at , 82 USPQ2d at 1396. MPEP 2141 (III). 

With regard to claim 1 , the Office Action alleges that a person of ordinary skill in the art would 
be motivated to combine the system in Sunder with a "central transaction server (proxy 
computer) initiates a payment request." as described in Stolfo. (Office Action, Pg.4). The Office 
Action alleges the motivation to do this would be that it provides an additional layer of security. 
(Id.). 

A person of ordinary skill in the art would not have wanted to combine the system in 
Sunder with the proxy computer of Stolfo initiating a payment process, to provide an additional 
layer of security, because it does not provide an additional layer of security. First, a central 
transaction server initiating a payment request does nothing to further identify and authenticate a 
user as described in Sunder, so no additional security is provided. Second, by initiating a 
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payment process, the user information must then be sent to additional systems to process the 
payment. This results in the user information to be sent to even more systems, where the 
information may be compromised, thus reducing security. A person of ordinary skill in the art 
would not have wanted to combine Sunder and Stolfo to provide an additional layer of security as 
alleged by the Examiner, because, in the best case, the combination does nothing to provide 
additional security. Furthermore, the combination may actually reduce security, and thus teach 
away from the Office Action's alleged motivation to combine the references. 



Obviousness has not been established, since improper hindsight was used to combine the 
references. 

Obviousness has not been established, since improper hindsight was used to combine the 
references. As explained by MPEP 2142: 

To reach a proper determination under 35 U.S. C. 103, the 
examiner must step backward in time and into the shoes worn by 
the hypothetical "person of ordinary skill in the art" when the 
invention was unknown and just before it was made. In view of all 
factual information, the examiner must then make a determination 
whether the claimed invention "as a whole" would have been 
obvious at that time to that person. Knowledge of applicant's 
disclosure must be put aside in reaching this determination, yet 
kept in mind in order to determine the "differences," conduct the 
search and evaluate the "subject matter as a whole" of the 
invention. The tendency to resort to "hindsight" based upon 
applicant's disclosure is often difficult to avoid due to the very 
nature of the examination process. However, impermissible 
hindsight must be avoided and the legal conclusion must be 
reached on the basis of the facts gleaned from the prior art. 

Here, neither Sunder nor Stolfo teach or suggest that increased security is provided when one 
uses a central transaction server (proxy computer) to initiate a payment request. Because the 
prior art does not teach or suggest the reason to combine Sunder and Stolfo, obviousness has not 
been established for yet another reason. The Office Action provides no evidence that one of 
ordinary skill in the art would have done what the Examiner proposes at the time of the 
invention. Since no evidence has been supplied with indicates that increased security would be 
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provided by initiating a payment request, obviousness has not been established for yet another 
reason. 

Claims 10 and 19 are rejected for the same reasons as claim 1, and as such, the argument 
presented above applies to those claims. 



Claims 32 and 33 

In addition to the reasons presented above, each and every limitation of claim 32 and 33 

is not taught by Sunder and Stolfo. Claim 32 recites: 

The system of claim 1 wherein the payment request process includes a charge request, wherein the 
charge request is generated by a merchant and is subsequently sent to an acquirer. 

(emphasis added). The Office Action has failed to show where and acquirer has been taught in 
either Sunder or Stolfo. Claim 32 recites a similar limitation. 

Claim 38 

Claim 38 recites: 

The system of claim 1, wherein the central transaction server further hosts at least one web page. 

(emphasis added). Claim 38 is allowable as it depends from an allowable independent claim. In 
addition, the Office Action alleges that hosting at least one web page is described in Stolfo, and a 
person of ordinary skill in the art would have been motivated to combine a web page as 
described in Stolfo with the system as described in Sunder in order to provide an additional layer 
of security. Hosting a web page does not add an additional layer of security. Accordingly, the 
alleged reason to modify Sunder with the teachings in Stolfo is not rational and obviousness has 
not been established with respect to claim 38 for yet another reason. 

Claim Rejections 35 USC § 103(a), Sunder, Stolfo, Kranzlev 

Claims 2, 1 1, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of U.S. Patent No. 7,069,249 
to Stolfo et al. ("Stolfo") in further view of U.S. Publication No. 2002/0128973 to Kranzley et al. 
("Kranzley"). This rejection is traversed. The addition of the Kranzley reference is insufficient 



Page 11 of 16 



Appl. No. 10/705,212 PATENT 

Amdt. dated June 26, 2008 

Reply to Office Action of May 2, 2008 

to overcome the improper combination of Sunder and Stolfo as discussed above. The claims are 
allowable at least by virtue of their dependence on their respective independent claims. 

Claim Rejections 35 USC § 103(a). Sunder. Stolfo, Gerdes 

Claims 3, 12, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of U.S. Patent No. 7,069,249 
to Stolfo et al. ^Stolfo") in further view of U.S. Publication No. 2003/0046541 to Gerdes et al. 
^Gerdes"). This rejection is traversed. The addition of the Gerdes reference is insufficient to 
overcome the improper combination of Sunder and Stolfo as discussed above. The claims are 
allowable at least by virtue of their dependence on their respective independent claims. 

Claim Rejections 35 USC $ 103(a). Sunder. Stolfo. Golan 

Claims 4-6, 13-15, 22-24 and 28-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Publication No. 2005/0021781 to Sunder et al. (" 'Sunder") in view of U.S. 
Patent No. 7,069,249 to Stolfo et al. ("Stolfo") in further view of U.S. Publication No. 
2004/0254848 to Golan et al. ("Golan"). This rejection is traversed. The addition of the Golan 
reference is insufficient to overcome the improper combination of Sunder and Stolfo as discussed 
above. The claims are allowable at least by virtue of their dependence on their respective 
independent claims. 

Claims 29 and 31 

In addition to being allowable by virtue of their dependence on their respective 
independent claims, claims 29 and 3 1 are allowable because it would not have been obvious to 
combine the references. Claim 29 recites: 

The method of claim 28, further comprising: 

modifying the verifying enrollment response received from the access control 

server; and 

forwarding the modified verifying enrollment response to the directory server. 
(emphasis added). Claim 31 recites a similar limitation. The Office Action alleges that 
modifying data is well known in the art of data processing, and that a person of ordinary skill in 
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the art would have been motivated to do this because it provides an additional level of security. 
Modifying a verifying enrollment response would not provide an additional layer of security, and 
may decrease security, as the original message sent from the access control server would be 
altered. Accordingly, the alleged reason to modify as proposed by the Examiner is not rational 
and obviousness has not been established with respect to claim 38 for yet another reason. 

In addition, to the extent that the Examiner is taking official notice, Applicants traverse 
every instance in which official notice is taken, and Applicants request that a reference be found 
to support each limitation of each claim being examined. 



Claim Rejections 35 USC $ 103(a). Sunder. Stolfo, Otto 

Claims 7, 16, and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of U.S. Patent No. 7,069,249 
to Stolfo et al. ('Stolfo") in further view of U.S. Publication No. 2001/0029496 to Otto et al. 
("Otto"). This rejection is traversed. Claims 7, 16, and 25 are allowable at least by virtue of 
their dependence from independent claims 1,10 and 19. 

Furthermore, Claim 7 recites: 

The electronic commerce card authentication system of claim 1, wherein the authentication 
request includes a pseudonym corresponding to an electronic commerce card account number 
and previously created by the central transaction server. 

(emphasis added). Claims 16 and 25 recite similar limitations. 

The Office Action alleges it would have been obvious to combine the system of Sunder 
with the pseudonym corresponding to an electronic commerce account in Otto, and that a person 
of ordinary skill in the art would be motivated to do so because it allows a user to anonymously 
purchase goods and services over a network. The system in Sunder is directed to identifying a 
user, and allowing a user to remain anonymous would teach away from identifying a user. As 
such, allowing a user to anonymously purchase goods and services over a network would not be 
a sufficient reason for a person of skill in the art to combine these two references. 
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Claim Rejections 35 USC $ 103(a), Sunder, Stolfo, Allen 

Claims 8, 17, and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Publication No. 2005/0021781 to Sunder et al. ^Sunder") in view of U.S. Patent No. 7,069,249 
to Stolfo et al. ("Stolfo") in further view of U.S. Publication No. 2003/0168510 to Allen et al. 
(" 'Allen"). This rejection is traversed. Claims 8, 17, and 26 are allowable at least by virtue of 
their dependence from independent claims 1,10 and 19. 

Furthermore, Claim 8 recites: 

The electronic commerce card authentication system of claim 1 , wherein the authentication 
request includes a pseudonym previously created by a merchant system that corresponds to an 
electronic commerce card account number. 

(emphasis added). Claims 16 and 25 recite similar limitations. 

The Office Action alleges it would have been obvious to combine the system of Sunder 
with the pseudonym previously created by a merchant system that corresponds to an electronic 
commerce account in Allen, and that a person of ordinary skill in the art would be motivated to 
do so because it protects messages and information being transmitted during a transaction. The 
system in Sunder is directed to identifying a user, and protecting messages and information being 
transmitted during a transaction would not help in identifying a user. As such, protecting 
messages and information being transmitted during a transaction would not be reason for a 
person of skill in the art to combine these two references. 

Claim Rejections 35 USC § 103(a), Sunder, Golan, Allen 

Claims 34-37, 39, and 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

US Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of U.S. Publication No. 

2004/0254848 to Golan et al. ("Golan") in further view of U.S. Publication No. 2003/0168510 to 

Allen et al. ("Allen"). This rejection is traversed. Claim 34 recites: 

A method performed by a central transaction server, the method comprising: 
receiving a verifying enrollment request; 

sending the verifying enrollment request to an access control server; 
receiving a verifying enrollment response from the access control server; 
creating an altered verifying enrollment response comprising a pseudonym; 
sending the altered verifying enrollment response to a merchant system, wherein the merchant 
system subsequently sends an authentication request including the pseudonym to a holder system; 

receiving the authentication request with the pseudonym from the holder system; 
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sending the authentication request with the pseudonym to the access control server; 

receiving an authentication response; and 

sending the authentication response to the holder system. 

{emphasis added). The Office Action alleges that it would have been obvious to a person of 
ordinary skill in the art to combine the references, and they would have been motivated to do so 
to provide an additional level of security. The system as described in Sunder identifies a user. It 
would not have been obvious to modify the system as described in Sunder include a pseudonym 
as described in Allen to improve security, because as discussed with respect to claim 7, use of a 
pseudonym would decrease security. Furthermore, it would not have been obvious to create an 
altered verifying enrollment response to improve security, as was discussed with regard to claim 
29. 

Claims 35-37 arc allowable at least by virtue of their dependence from their respective 
independent claims. 

Claims 39 and 40 

Claims 39 and 40 contain limitations similar to claim 38. The Office Action alleges that 
hosting at least one web page is disclosed in Stolfo, and a person of ordinary skill in the art 
would have been motivated to combine a web page as described in Stolfo with the system as 
described in Sunder in order to provide an additional layer of security. Hosting a web page does 
not add an additional layer of security. 
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CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance and an action to that end is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 415-576-0200. 



Respectfully submitted, 

/Preetam B. Pagar/ 

Preetam B. Pagar 
Reg. No. 57,684 

TOWNSEND and TOWNSEND and CREW LLP 
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